Workforce Identity Architect, VP

MUFG
Jersey City, NJ
Hybrid

About The Position

The Workforce Identity Architect is a senior architecture role responsible for defining and governing workforce (human) identity architecture at global scale. This role designs and standardizes how employee and partner identities are created, governed, authenticated, authorized, reviewed, and retired across hybrid and cloud environments. The Workforce Identity Architect operationalizes global IAM standards for human identity, ensuring secure, scalable, and auditable access while supporting regions transitioning through different identity maturity stages.

This role focuses on architecture, standards, and enablement, not day‑to‑day operations or tool administration. It is a senior architecture and standards role focused on workforce identity at enterprise and global scale, acting as a bridge between architecture, security, risk, and delivery teams. It is not an IAM operations or helpdesk role, a single-tool administrator position, or a regional-only identity role.

Workforce identity is foundational to security, compliance, and user experience. This role ensures workforce identity evolves intentionally, consistently, and defensibly, enabling global scale while reducing access risk and operational friction.

Requirements

  • 8–10+ years of experience in identity, access management, or security architecture roles.
  • Deep expertise in Microsoft Entra ID architecture in hybrid environments.
  • Strong experience designing JML lifecycle, identity governance, and privileged access controls.
  • Ability to design auditable, regulator‑defensible access models.
  • Proven ability to influence across technical and non‑technical stakeholders.
  • Enterprise‑level experience designing workforce identity architecture at scale.
  • Deep understanding of Joiner / Mover / Leaver (JML) lifecycle patterns and HR‑driven identity provisioning.
  • Strong grounding in least privilege, access lifecycle management, and identity hygiene.
  • Hands‑on architectural experience with Microsoft Entra ID in hybrid environments.
  • Design and governance of: Authentication and federation, Conditional Access and MFA, Tenant‑level architecture and integration patterns.
  • Proven experience designing identity governance solutions, including: Access reviews / certifications, Separation of Duties (SoD), Access request and approval workflows.
  • Experience with privileged access for workforce identities, including: Privileged Identity Management (PIM), Just‑in‑Time (JIT) access concepts.
  • Strong ability to collaborate across architecture, engineering, security, risk, and audit teams.
  • Comfortable influencing outcomes without direct authority.
  • Ability to translate complex identity concepts into clear architectural standards.

Nice To Haves

  • Experience using analytics or AI‑assisted tools for access optimization and certification improvement.
  • Experience supporting global or federated IAM models with regional variation.
  • Familiarity with regulated industries (e.g., financial services).
  • Relevant identity or security certifications.
  • Experience using analytics or AI‑assisted tools to improve: Role and entitlement rationalization, Role / bundle design, Reduction of access certification noise and over‑reviewing.
  • Ability to translate analytic insights into architectural improvements, not just reports.
  • Experience designing B2B / partner identity patterns using Entra ID.
  • Understanding of secure external collaboration models that preserve centralized governance.
  • Experience operating in global or federated IAM models, supporting regions at varying maturity levels.
  • Familiarity with phased migrations from on‑prem AD‑centric to cloud‑mastered identity.
  • Experience defining or consuming IAM metrics, such as: Access review effectiveness, Orphaned or dormant access, Role reuse vs. sprawl.
  • Ability to use metrics to drive continuous improvement in identity design.
  • Familiarity with continuous access evaluation and signal‑driven identity models.
  • Exposure to workforce identity data platforms or identity fabric concepts.
  • Understanding of how workforce identity integrates with cloud platforms (e.g., AWS IAM Identity Center) without owning cloud IAM design.
  • Relevant certifications (e.g., Microsoft Identity, CISSP, CCSP, IAM‑focused certifications).
  • Experience in financial services or other highly regulated industries.

Responsibilities

  • Define and maintain global workforce identity architecture using Microsoft Entra ID in hybrid and cloud‑mastered environments.
  • Establish standard patterns for authentication, federation, Conditional Access, and MFA.
  • Design tenant‑level identity integration patterns that scale across applications and regions.
  • Architect and standardize Joiner / Mover / Leaver (JML) identity lifecycle patterns driven by authoritative HR sources.
  • Ensure consistent provisioning, modification, and deprovisioning of workforce identities.
  • Reduce orphaned, dormant, and over‑provisioned access through strong lifecycle design.
  • Define workforce identity governance standards, including access requests, access reviews, and separation of duties (SoD).
  • Architect privileged access models for workforce identities, including PIM and Just‑in‑Time access.
  • Ensure access models are auditable and aligned to regulatory and risk expectations.
  • Leverage analytics and AI‑assisted capabilities to improve role and entitlement design.
  • Reduce access certification noise by improving role quality, review scoping, and access rationalization.
  • Translate analytic insights into architectural improvements rather than one‑off reporting.
  • Define B2B and partner identity patterns using Entra ID that enable collaboration while maintaining centralized governance.
  • Ensure third‑party access aligns with global standards and workforce identity controls.
  • Partner with IAM Governance teams to define and consume workforce identity metrics, including access quality, review effectiveness, and lifecycle hygiene.
  • Use metrics to continuously improve identity architecture and reduce access risk.

Benefits

  • Comprehensive health and wellness benefits
  • Retirement plans
  • Educational assistance and training programs
  • Income replacement for qualified employees with disabilities
  • Paid maternity and parental bonding leave
  • Paid vacation, sick days, and holidays